For more than a decade, researchers at Carnegie Mellon University’s CyLab Security and Privacy Institute have been pioneering privacy food labeling, advocating a quick and easy way to show tech users how their data is being collected and used. In recent years, Apple has begun requiring app developers to disclose this type of information through privacy labels displayed on the iOS App Store. However, recent research has shown that app developers often struggle to create accurate privacy labels.
“Little advice, a laundry list of confusing terms, and a lack of privacy expertise among app developers often lead developers to create imprecise labels,” said Norman Sadeh, co-director of CMU’s Privacy Engineering Program and head of the Usable Privacy Policy Project.
“Inaccurate labels mislead users about what data an app may be collecting and how that app handles that data. In addition, it exposes app developers to legal penalties”
To solve this problem, Sadeh and his team developed a new tool, Privacy label Wiz (PLW), which provides app developers with an easy-to-use, step-by-step resource to effectively disclose their apps’ data practices.
Privacy Label Wiz provides developers with an efficient way to create accurate, user-friendly labels.
Jack Gardner, Recently graduated from CMU’s master’s program in privacy engineering and an important contributor to the development of the tool
“Privacy Label Wiz provides developers with an efficient way to create accurate, easy-to-use labels,” said Jack Gardner, a recent graduate of CMU’s Privacy Engineering master’s program and a key contributor to the development of the tool.
“Our tool not only generates a preliminary report based on the analysis of an app’s code, but also solicits input from developers to support full consideration of their app’s functionality.”
After installing the tool, developers are prompted to load the static code of their apps. The code stays on their computer and is never shared with anyone. Privacy label Wiz then analyzes the code to identify likely data collection and usage practices, including whether the app records financial information, browsing history, the user’s location, or enables access to the device’s photos or camera, among other things. The wizard also looks at whether sensitive data is being shared with third parties, such as advertisers or marketing companies, and more generally looks for other practices that developers should disclose in their iOS privacy labels.
Developers are then asked to review the tool’s analysis and confirm, amend, or supplement information about what data their app collects, how that data is processed, and who it may be shared with, so that app developers can correct it if necessary. answer additional questions.
Source: Privacy label Wiz
Once data collection and usage practices are determined, Privacy Label Wiz asks developers to confirm where the information is being sent and who can access it.
“In our research, we found that developers often struggle with some of the terminology used by the iOS privacy labels and with the disclosure of a number of different data practices, such as sharing sensitive data with third parties,” says Sadeh.
“Privacy Label Wiz is designed to systematically discuss an extensive list of questions with the developer and provide them with the support they need to more accurately disclose their app’s data practices.”
Privacy Label Wiz is now available for general, non-commercial use, with options for developers to commercially license the tool.
Source: Privacy label Wiz
When the process is complete, Privacy Label Wiz generates a summary report for developers to review.
Privacy Label Wiz Contributors
Core team members:
Jack Gardner, Akshath Jain, Yuayuan Feng, Norman Sadeh
Early contributors:
Kayla Reiman and Zhi Lin